1 |
El 07/01/12 22:08, Anthony G. Basile escribió: |
2 |
> Hi everyone, |
3 |
> |
4 |
> A long time ago, Gentoo used to provide RSBAC sources. For those of you |
5 |
> unfamiliar with RSBAC = rules set based access control, it provides |
6 |
> hardening similar to grsec. See their web page at: |
7 |
> |
8 |
> https://www.rsbac.org |
9 |
> |
10 |
> These patches were eventually removed because of waning activity, but |
11 |
> recently Amon Ott and his team started working on RSBAC and there has |
12 |
> been renewed interest within the community. You can see their activity |
13 |
> on their repos: |
14 |
> |
15 |
> http://git.rsbac.org/cgi-bin/gitweb.cgi |
16 |
> |
17 |
> So, I put the rsbac admin tool and kernel sources on my overlay and |
18 |
> Issiah Hill started testing them. I think we've progressed to the point |
19 |
> where we can reintroduce those kernel sources back into the gentoo tree, |
20 |
> so I did. |
21 |
> |
22 |
> The new packages are |
23 |
> |
24 |
> 1) sys-kernel/rsbac-sources = vanilla linux 3.1.5 + genpatches + rsbac |
25 |
> patches. They do NOT at present contain the pax patches, but will in |
26 |
> the next rev bump. |
27 |
> |
28 |
> 2) sys-apps/rsbac-admin = the admin tool for rsbac |
29 |
> |
30 |
> At this point, everything is experimental and I would not recommend them |
31 |
> for a production server. But they are there now for testing and |
32 |
> hopefully full stabilization. I welcome feedback from both our users |
33 |
> and the RSBAC team. |
34 |
> |
35 |
On a side note, the old RSBAC documentation is available at |
36 |
http://www.gentoo.org/proj/en/hardened/rsbac/ This documentation is old |
37 |
and unsupported (that's why it is no longer accesible from the hardened |
38 |
space), but patches are welcome to get it up to date. To see the sources |
39 |
of the document just add ?passthru=1at the end of the URL. |